EDIT: I found out that the keys aren't the problem like I said in the comments. I can use them without any issues to encrypt and decrypt data on OpenSSL.

But I need to decrypt a string on OpenSSL that was previously encrypted via Crypto++ and that's not working.

I'll post additional details later.

Hi, I have encrypted a string using an RSA public key generated with Crypto++ and now I'm trying (still unsuccessfully) to decrypt it via PHP and OpenSSL.

That is what I'm doing:

  • The private key which is NOT base64 or hex encoded is stored in a file called "rsa-private.key"
  • The encrypted message is stored in "message.txt" (hex encoded)

STEP 1: Load the private key via: $key = file_get_contents("rsa-private.key");

STEP 2: Convert the key into PEM format using the following function:

<?php
// Wrap raw DER-encoded PKCS#8 private key bytes in PEM armor.
function pkcs8_to_pem($der) {
    static $BEGIN_MARKER = "-----BEGIN PRIVATE KEY-----";
    static $END_MARKER = "-----END PRIVATE KEY-----";

    $value = base64_encode($der);

    $pem = $BEGIN_MARKER . "\n";
    $pem .= chunk_split($value, 64, "\n");
    $pem .= $END_MARKER . "\n";

    return $pem;
}

$PEMprivatekey = pkcs8_to_pem($key);
?>

( stackoverflow.com/questions/1357569/ )

STEP 3: Prepare the key for further use by OpenSSL: (without any problems)

<?php
$privateKey = openssl_get_privatekey($PEMprivatekey);
if (!$privateKey) {
    // This step loads the private key, so report it as such.
    echo "Cannot get private key";
}
?>

STEP 4: Get the message and decode the message using the following function:

<?php
// Convert a hex-encoded string into raw bytes.
function hex_to_str($hex) {
    $string = ''; // initialise before appending
    for ($i = 0; $i < strlen($hex) - 1; $i += 2) {
        $string .= chr(hexdec($hex[$i] . $hex[$i + 1]));
    }
    return $string;
}

$message = file_get_contents("message.txt");
$encryptedstring = hex_to_str($message);
?>

STEP 5: Decrypt the string: (does not work)

<?php
openssl_private_decrypt($encryptedstring, $decrypteddata, $privateKey);
if (!$decrypteddata) {
    echo "........";
} else {
    echo $decrypteddata;
}
?>

$decrypteddata is always empty.

I can't figure out why it's not working. Anyone noticed something I'm doing wrong?

A: 

OK, I don't know if this is the issue, but I guess at this point anything is helpful.

I've created a small openssl/php test script and, for testing purposes, 2 public-private key pairs.

openssl genrsa -des3 -out private.pem 1024
openssl rsa -in private.pem -out public.pem -outform PEM -pubout

openssl genrsa -out master.key 1024
openssl rsa -in master.key -pubout -out master.pub

The first pair uses a phrase "phrase".

I used both pairs with this script to test the output:

$source = "FAIL";
echo "<pre>Source: $source";
$fp=fopen("./keys/master.pub","r");
$pub_key=fread($fp,8192);
fclose($fp);
openssl_get_publickey($pub_key);
openssl_public_encrypt($source,$crypttext,$pub_key);
echo "\n\nString crypted: $crypttext";
flush();
$fp=fopen("./keys/master.key","r");
$priv_key=fread($fp,8192);
fclose($fp);
// phrase is required if your key is encoded (suggested)
$res = openssl_get_privatekey($priv_key, 'phrase');
openssl_private_decrypt($crypttext,$newsource,$res);
while($error = openssl_error_string()) {
    echo "\n" , $error;
}
echo "\n\nString decrypt : $newsource";

Besides an error:0906D06C:PEM routines:PEM_read_bio:no start line error message, all went fine.

BUT when I mix the keys (just to see what error message will be created), guess what errors openssl_error_string returns:

error:0906D06C:PEM routines:PEM_read_bio:no start line
error:0407106B:rsa routines:RSA_padding_check_PKCS1_type_2:block type is not 02
error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed

So you could check if your message is encrypted with the right public key.

maggie
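
The checks discussed above, combined into one diagnostic, as an added example that is not code from either poster: it validates the hex decoding from step 4, compares the ciphertext length with the key size, and tries both padding schemes that openssl_private_decrypt accepts while collecting the OpenSSL error queue. It assumes (the question does not say) that the Crypto++ side may have encrypted with OAEP rather than PKCS#1 v1.5, which is the PHP default; the function names, the throwaway key pair and the ciphertext are constructed for the example.

```php
<?php
// Added example, not from the original post; function names are hypothetical.

// Decode hex text read from a file, rejecting stray characters instead of
// silently turning them into extra bytes.
function hex_to_bytes(string $hex): string {
    $hex = preg_replace('/\s+/', '', $hex);
    if ($hex === '' || strlen($hex) % 2 !== 0 || !ctype_xdigit($hex)) {
        throw new InvalidArgumentException('ciphertext is not valid hex');
    }
    return hex2bin($hex);
}

// Try each padding scheme and report which one recovers the known plaintext.
function diagnose_rsa_decrypt(string $hex, $privateKey, string $expected): array {
    $cipher = hex_to_bytes($hex);
    $modulusBytes = intdiv(openssl_pkey_get_details($privateKey)['bits'] + 7, 8);
    // An RSA ciphertext is exactly as long as the modulus.
    $report = ['length_ok' => strlen($cipher) === $modulusBytes];
    $modes = [
        'PKCS1 v1.5 (default)' => OPENSSL_PKCS1_PADDING,
        'OAEP' => OPENSSL_PKCS1_OAEP_PADDING,
    ];
    foreach ($modes as $name => $padding) {
        while (openssl_error_string() !== false) { } // drain stale errors
        $plain = '';
        $ok = openssl_private_decrypt($cipher, $plain, $privateKey, $padding);
        $errors = [];
        while (($e = openssl_error_string()) !== false) { $errors[] = $e; }
        // Compare with the known plaintext: OpenSSL 3.2+ returns random bytes
        // instead of an error when PKCS#1 v1.5 padding is wrong.
        $match = $ok && hash_equals($expected, (string) $plain);
        $report[$name] = ['match' => $match, 'errors' => $errors];
    }
    return $report;
}

// Constructed input: a throwaway key pair and an OAEP ciphertext standing in
// for the Crypto++ output (assumption: the post does not name the scheme).
$key = openssl_pkey_new(['private_key_bits' => 2048,
                         'private_key_type' => OPENSSL_KEYTYPE_RSA]);
if ($key === false) {
    exit("key generation failed: " . openssl_error_string() . "\n");
}
$pub = openssl_pkey_get_details($key)['key'];
openssl_public_encrypt('hello', $cipher, $pub, OPENSSL_PKCS1_OAEP_PADDING);
print_r(diagnose_rsa_decrypt(bin2hex($cipher) . "\n", $key, 'hello'));
```

If only the OAEP entry reports a match for a real ciphertext, pass OPENSSL_PKCS1_OAEP_PADDING as the fourth argument of openssl_private_decrypt in step 5.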
A: 

phpseclib is fully interoperable with OpenSSL and is generally regarded as being much easier to use. The following URL provides several examples of how to inter-operate with OpenSSL:

http://stackoverflow.com/questions/2608541/rsa-encrypt-in-php-to-decrypt-in-net/2613865#2613865

notedshow